CVE-2015-3088

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html

http://rhn.redhat.com/errata/RHSA-2015-1005.html

http://www.securityfocus.com/bid/74609

http://www.securitytracker.com/id/1032285

https://helpx.adobe.com/security/products/flash-player/apsb15-09.html

https://security.gentoo.org/glsa/201505-02

https://www.exploit-db.com/exploits/37844/

Details

Source: MITRE

Published: 2015-05-13

Updated: 2017-09-17

Type: CWE-119

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (16 total)

IDNameProductFamilySeverity
8814Flash Player < 17.0.0.189 (inferred) Multiple Vulnerabilities (APSB15-06 through 11) Nessus Network MonitorWeb Clients
high
8812Adobe AIR < 17.0.0.172 Multiple Vulnerabilities (APSB15-09)Nessus Network MonitorWeb Clients
high
8811Flash Player < 13.0.0.289 / 17.0.0.188 Multiple Vulnerabilities (APSB15-09)Nessus Network MonitorWeb Clients
high
8780Google Chrome < 42.0.2311.152 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
84161Adobe AIR for Mac <= 17.0.0.144 Multiple Vulnerabilities (APSB15-09)NessusMacOS X Local Security Checks
critical
84157Adobe AIR <= 17.0.0.144 Multiple Vulnerabilities (APSB15-09)NessusWindows
critical
83911GLSA-201505-02 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
83559openSUSE Security Update : flash-player (openSUSE-2015-372)NessusSuSE Local Security Checks
critical
83486SuSE 11.3 Security Update : flash-player (SAT Patch Number 10680)NessusSuSE Local Security Checks
critical
83442FreeBSD : Adobe Flash Player -- critical vulnerabilities (e206df57-f97b-11e4-b799-c485083ca99c)NessusFreeBSD Local Security Checks
critical
83431RHEL 5 / 6 : flash-plugin (RHSA-2015:1005)NessusRed Hat Local Security Checks
critical
83369MS KB3061904: Update for Vulnerabilities in Adobe Flash Player in Internet ExplorerNessusWindows
critical
83368Google Chrome < 42.0.2311.152 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
83367Adobe Flash Player <= 17.0.0.169 Multiple Vulnerabilities (APSB15-09) (Mac OS X)NessusMacOS X Local Security Checks
critical
83366Google Chrome < 42.0.2311.152 Multiple VulnerabilitiesNessusWindows
critical
83365Adobe Flash Player <= 17.0.0.169 Multiple Vulnerabilities (APSB15-09)NessusWindows
critical